Zimbra Collaboration Suite 7.0
Zimbra Collaboration Suite 7.0
Administrator's Guide
Open Source Edition

Appendix A Command-Line Utilities > zmprov (Provisioning)

zmprov (Provisioning)
The zmprov tool performs all provisioning tasks in Zimbra LDAP, including creating accounts, aliases, domains, COS, distribution lists, and calendar resources. Each operation is invoked through command-line options, each of which has a long name and a short name.
The syntax is zmprov [cmd] [argument].
The syntax for modify can include the prefix “+” or “-” so that you can make changes to the attributes affected and do not need to reenter attributes that are not changing.
The following example would add the attribute zimbraZimletUserProperties with the value “blue” to user 1 and would not change the value of any other instances of that attribute.
zmprov ma user1 +zimbraZimletUserProperties "com_company_testing:favoriteColor:blue"
The attributes for the tasks zmprov can be used with are listed when you type zmprov -h. The task area divided into the following sections:
--log property file
use Zimbra admin name/password from localconfig for admin/password
--authtoken (authtoken)
use auth token string (has to be in JSON format) from command line
--authtoken (authtoken file)
use auth token string (has to be in JSON format) from command line
The commands in the following table are divided into the tasks types.
Short Name
zmprov aaa joe@domain.com joe.smith@engr.domain.com
Note: This command does not check the password age or history.
Syntax:{name@domain} {password} [attribute1 value1 etc]
{name@domain} {ds-type} {ds-name} [attr1 value1 [attr2 value2...]]
{name@domain} {identity-name} [attr1 value1 [attr2 value2...]]
{name@domain} {signature-name} [attr1 value1 [attr2 value2...]]
{name@domain|id|adminName} [attribute1 value1 etc]
zmprov ma joe@domain.com zimbraAccountStatus maintenance
{name@domain | id} {ds-name |ds-id} [attr 1 value 1 [attr2 value 2...]]
{name@domain |id} {identity-name} [attr 1 value 1 [attr 2 value 2...]]
{name@domain |id} {signature-name | signature-id} [attr 1 value 1 [attr 2 value 2...]]
zmprov raa joe@domain.com joe.smith@engr.domain.com
{name@domain|id} {newname@domain}
Note: Passwords cannot included accented characters in the string. Example of accented characters that cannot be used: ã, é, í, ú, ü, ñ.
{name@domain|id} {newName@domain}
This lists each COS, the COS ID and the number of accounts assigned to each COS
{alias-domain-name} {local-domain-name|id} [attr1 value1 [attr2 value2...]]
zmprov cd mktng.domain.com zimbraAuthMech zimbra
zmprov md domain.com zimbraGalMaxResults 500
Do not modify zimbraDomainRenameInfo manually. This is automatically updated when a domain is renamed.
renameDomain can only be used with “zmprov -l/--ldap
zmprov cc Executive zimbraAttachmentsBlocked FALSE zimbraAuthTokenLifetime 60m zimbraMailQuota 100M zimbraMailMessageLifetime 0
zmprov mc Executive zimbraAttachmentsBlocked TRUE
zmprov ms domain.com zimbraVirusDefinitionsUpdateFrequency 2h
Used to publish into nginx.conf what servers should be used for reverse proxy lookup.
Used to publish into saslauthd.conf what servers should be used for saslauthd.conf MTA auth
get DistributionListmembership
{name@domain|id} {start|status|cancel} [{reindex-by} {value1} [value2...]]
When unread message count and quota usage are out of sync with the data in the mailbox, use this command to immediately recalculate the mailbox quota usage and unread messages count.
Important: Recalculating mailbox quota usage and message count should be schedule to run in off peak hours and used on one mailbox at a time.
[-s/--server hostname] {name@domain|id} {logging-category} {debug|info|warn|error}
[-s/ --server hostname] {name@domain|id} {logging-category}
When name@domain is specified, removes the custom logger created for the account otherwise removes all accounts all account loggers from the system.
See the zmprov Log Categories for a list of logging categories.
[-v] {ldap-query} [limit] [offset] [sortBy {attribute} [sortAscending 0|1] [domain {domain}]
{+|-} {dl-name@domain|id} {owner-name|owner-id} [{folder-path|folder-id}]
Prints all attribute names (account, domain, COS, servers, etc.).
Generates a pre-authentication key to enable a trusted third party to authenticate to allow for single-sign on. Used in conjunction with GenerateDomainPreAuth.
{domain|id} {name} {name|id|foreignPrincipal} {timestamp|0} {expires|0}
Used to publish into nginx.conf the servers that should be used for reverse proxy lookup.
Returns the list of servers that have zimbraReverseProxyLookupTarget=TRUE. Basically if a mailbox server is available for lookup requests from the proxy.
Returns a list of all domains configured with ZimbraSSLCertificate zimbraVirtualHostname and zimbraVirtualIPAddress configured. This allows the proxy to configure a list of domains to serve customized/domain certificates for.
zmprov ca name@domain.com password
Create one account with a password that is assigned to a specified COS. You must know the COS ID number. To find a COS ID, type zmprov gc <COSname>.
zmprov ca name@domain.com password zimbraCOS cosIDnumberstring
zmprov ca name@domain.com ‘’
The empty single quote is required and indicates that there is no local password.
Using a batch process to create accounts, see Managing the zimbra Collaboration Suite chapter for the procedure.
zmprov aaa accountname@domain.com aliasname@domain.com
zmprov cdl listname@domain.com
zmprov adlm listname@domain.com member@domain.com
Change the administrator’s password. Use this command to change any password. Enter the address of the password to be changed.
zmprov sp admin@domain.com password
zmprov cd marketing.domain.com zimbraAuthMech zimbra
zmprov mcf zimbraDefaultDomain domain1.com
zmprov gac -v
zmprov gaa domain.com
zmprov gaa -v domain.com
zmprov +zimbraServiceEnabled logger
Then type zmloggerctl start, to start the logger.
To modify the purge interval, set zimbraMailPurgeSleepInterval to the duration of time that the server should “sleep” between every two mailboxes. Type:
zmprov ModifyServer <server-name> zimbraMailPurgeSleepInterval <Xm>
X is the duration of time between mailbox purges; m represents minutes. You could also set <xh> for hours.
Modify zimbraNewMailNotification to customize the notification email template. A default email is sent from Postmaster notifying users that they have received mail in another mailbox. To change the template, you modify the receiving mailbox account. The variables are
You can specify which of the above variables appear in the Subject, From, or Body of the email. The following example is changing the appearance of the message in the body of the notification email that is received at name@domain.com. You can also change the template in a class of service, use zmprov mc. The command is written on one line.
zmprov ma name@domain.com zimbraNewMailNotificationBody ‘Important message from ${SENDER_ADDRESS}.${NEWLINE}Subject:${SUBJECT}’
zmprov Log Categories